30 open-source projects similar to cisofy/lynis, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Lynis alternative.
Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Rocky is an open-source enterprise operating system designed for server and cloud infrastructure. It is a community-maintained Linux server distribution that provides a platform focused on stability and security. The project is fundamentally a Red Hat Enterprise Linux compatible operating system, maintaining bug-for-bug binary compatibility to ensure identical software behavior. This allows it to serve as an enterprise-grade platform without proprietary licensing. The distribution covers a broad range of system administration capabilities, including package management via modular repository
Promptfoo is an evaluation framework designed for testing, benchmarking, and red-teaming language models and agentic workflows. It provides a unified environment to run prompts against multiple providers, allowing developers to systematically validate model outputs against objective assertions, semantic similarity metrics, and custom grading rubrics. The platform distinguishes itself through a provider-agnostic execution layer and a stateful orchestrator capable of simulating multi-turn conversations and complex tool-use trajectories. It includes a dedicated adversarial mutation pipeline that
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are
Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources. The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures,
Robot Framework is a keyword-driven automation framework designed for acceptance testing and robotic process automation. It utilizes a human-readable, tabular syntax to define test cases and workflows, separating the automation logic from the underlying implementation. By mapping plain-text keywords to executable commands, the framework enables the creation of maintainable and reusable automation sequences. The platform distinguishes itself through a modular architecture that supports the integration of custom libraries and external modules. This extensibility allows users to expand the frame
Kilocode is an autonomous engineering platform designed to orchestrate AI agents for complex software development tasks. It functions as a comprehensive system for automating coding, testing, and repository management by integrating directly with your codebase and terminal. The platform provides a unified gateway for model orchestration, allowing for the management of agentic workflows, event-driven automation, and persistent session state across distributed development environments. The platform distinguishes itself through its federated task management and policy-based access control, which
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the security of mobile applications. It provides a standardized reference for identifying and validating common software security weaknesses and performing reverse engineering based on industry standards. The project provides a structured set of technical processes and checklists used to audit applications against established security weakness enumerations. It encompasses guidance for analyzing application binaries and runtime behavior to identify hidden functionality and security ga
Osquery is a unified endpoint monitoring framework that exposes operating system internals as relational tables. By representing hardware, network, and process activity as structured data, it allows users to retrieve system state and configuration information using standard SQL syntax. The system distinguishes itself through a cross-platform abstraction layer that normalizes disparate operating system interfaces into a consistent schema across Windows, macOS, and Linux. It supports both interactive local analysis via a command-line shell and distributed fleet orchestration, where recurring qu
This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k
This project is a desktop client for YouTube Music, serving as a cross-platform wrapper that encapsulates the web-based music service within a dedicated application environment. It provides native operating system integration and enhanced window controls for streaming audio. The application is distinguished by its extensibility, featuring a plugin system that allows the execution of custom scripts to modify frontend markup and application behavior. It also supports visual customization through the injection of external stylesheets to modify the user interface themes. The software manages aud
Vorpal is a Node.js interactive CLI framework and terminal user interface library used to build extensible command-line shells. It functions as an interactive command-line parser that converts string input into executable functions, managing the lifecycle of terminal sessions and command routing. The framework is distinguished by a plugin-based extension architecture that allows external modules to register new commands, shared behaviors, and complete command suites into the core environment. It supports the creation of custom shell environments with specialized namespaces and a system for pe
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
OpenSearch is a distributed search and analytics engine designed for indexing, searching, and analyzing massive volumes of structured and unstructured data in real time. It functions as a comprehensive platform that integrates enterprise-grade search capabilities, a vector database for high-dimensional similarity lookups, and a unified observability suite for monitoring logs, metrics, and traces across complex distributed environments. The platform distinguishes itself through its support for agentic workflow automation, allowing users to orchestrate multi-agent tasks and integrate foundation
DbGate is a universal database management tool and SQL client that provides a unified interface for querying and administering multiple SQL and NoSQL databases. It functions as a multi-database administration GUI and SQL IDE, allowing users to write and execute scripts and manage database schemas. The project distinguishes itself by acting as an API client and explorer for REST, GraphQL, and OData services, enabling users to fetch and export data from these endpoints. It also serves as a data integration tool, facilitating the movement of records between diverse databases and file formats suc
OpenMetadata is an enterprise data catalog, metadata platform, and governance suite that functions as a knowledge graph for data assets. It serves as an AI-ready metadata layer, providing governed context and organizational memory to large language model agents via the Model Context Protocol. The platform distinguishes itself by capturing institutional knowledge, linking conversations, decisions, and remediation notes directly to data assets to preserve tribal knowledge. It integrates AI agents to automate metadata governance, such as suggesting descriptions and identifying sensitive data thr
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi
OpenCanary is a network service simulator and honeypot designed for network intrusion detection. It functions as a security decoy that creates fake server personalities and open ports to identify unauthorized users scanning a private network. The system uses deception technology to mimic various server protocols, luring attackers into revealing their presence and activity. When a simulated service is accessed, it acts as an intrusion alerting gateway, transmitting notifications via email or webhooks. The project covers internal network monitoring and intrusion source tracking to identify the
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location. The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further
PEASS-ng is an automated penetration testing framework designed to identify privilege escalation vectors on local systems. It functions as a security assessment utility that scans environments for misconfigurations, sensitive files, and insecure permissions to uncover paths for unauthorized privilege elevation. The project distinguishes itself through a modular script-based enumeration engine that adapts to the target environment. It utilizes environment-aware capability detection and cross-platform shell abstraction to normalize data collection across diverse operating systems, while operati
FreeScout is a self-hosted, open-source help desk and ticket management system built with PHP. It functions as a customer support platform that enables teams to manage shared inboxes and organize customer email conversations into tickets. The platform distinguishes itself as a multi-channel support dashboard that integrates customer relationship management and a knowledge base system. It provides tools for tracking detailed customer profiles and organizational records while offering a programmable interface to manage and expose support articles. The system covers a broad range of support cap
MoviePilot is a self-hosted media orchestrator and NAS media library automator. It coordinates workflows between downloaders, metadata scrapers, and file systems to automate the discovery, downloading, renaming, and organization of movie and television content. The system functions as an LLM media management agent, allowing users to control subscriptions, searches, and file organization through conversational text commands. It also acts as a Model Context Protocol server, exposing internal media management tools via a standardized interface for external AI clients and agents. The project inc
Armortools is a 3D PBR texture painting suite and mesh texture workflow tool. It provides a system for painting physically based rendering materials directly onto 3D meshes using a combination of layer and mask support, a GPU-accelerated texture baker for extracting geometry data from high-polygon models, and a node-based material editor for creating procedural textures. The software features integrated neural network tools for AI texture authoring, allowing the generation of PBR maps from text prompts, image-based material extraction, and texture upscaling via local nodes. It also implements
Ladon is an internal network penetration scanner and vulnerability assessment tool designed to identify high-risk security flaws and assets across network segments. It operates as a fileless security scanner, executing its engine and modules directly in memory to avoid leaving a disk footprint on target systems. The project is distinguished by its integration as a plugin for command beacons, specifically within the Cobalt Strike framework. This allows for memory-resident network discovery and vulnerability detection. It further supports stealth operations through payload and script obfuscatio